In some cases people do SSL termination on Load Balancers for HTTPS connection to save CPU. I was wondering if that also possible for SMTP but I've quite quicky find out that its not that easy.
General concept
+----------------+
+----------------------> POSTFIX |
| | relay |
| | +------------->
+---------+-----+ +----------------+
| | SSL/TLS PLAIN
+-------------> Load Balancer | 465,587 25
| |
+---------+-----+ +----------------+
| | POSTFIX +------------->
| | relay |
+----------------------> |
+----------------+
/etc/postfix/main.cf
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
/etc/postfix/tls_policy
.example.com none
example.com none
[localhost]:1125 none match=example.com